Scott Hanselman

FavIcons, Internet Zones and Projects from a Trustworthy Source

March 28, '10 Comments [5] Posted in Source Code | Tools | VS2010
Sponsored By

You ever download some code or a Visual Studio project from the web then start getting warned that the download might be evil?

When you open a project file that was downloaded from the Internet Zone, you'll get a dialog like this from Visual Studio:

Security Warning - You should only open projects from trustworthy source

Unblock downloaded zip fileIf you're wondering "how does it know?" when your browser downloads something from the net, the zone that it came from gets marked in an Alternate Data Stream within the NTFS file system.

If you use the Streams utility from SysInternals from the command-line you can see the streams on file directly. For example:

C:\>streams.exe DownloadFromTheWeb.zip

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\DownloadFromTheWeb.zip:
   :Zone.Identifier:$DATA       24

Even easier, you can right-click on the file and select properties. Notice that "Unblock" button at the bottom of the dialog. Click that, and you're declaring that you trust this file and by removing the alternate stream data you'll not get warned again.

It's not just projects that get these zone ideas, anything downloaded does, including videos, etc. These streams and zone data persist even when you move or rename files so that the system knows where things come from.

Some other programs put stuff in Alternate Data Streams, like older versions of ETrust Anti-Virus. But, after download files, the other most common use of Alternate Data streams is to store the favicon.ico of a URL file on your computer. You know those tiny icons that you see in the address bar when you surf around? Well, if you make a shortcut to a site on your desktop that .URL file will also include a small version of the favicon so you'll still be able to see it when you are offline.

Favicons in alternate data streams

And here's some of the same files using Streams.exe from the command line:

A Whiteboard and Audio Meeting Capture System.url:
         :favicon:$DATA 894
alastairs's buildprogress at master - GitHub.url:
         :favicon:$DATA 1150
Introducing Versatile DataSources - Peter and the case
of the ASP.NET developer.url:
         :favicon:$DATA 1406
johnvpetersen's Nerd-Dinner-with-Fluent-NHibernate at m
aster - GitHub.url:
         :favicon:$DATA 1150
jQuery Templates Proposal - jquery - GitHub.url:
         :favicon:$DATA 1150
metalscroll - Project Hosting on Google Code.url:
         :favicon:$DATA 1150

As with all things internet, of course, be aware and be smart when you download. Don't just Unblock stuff willy-nilly like me. :)

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Sunday, March 28, 2010 3:26:36 PM UTC
I'm glad to see that Alternate Data Streams are getting more legitimate uses.
Sunday, March 28, 2010 4:51:50 PM UTC
The Internet Zone identifier of a zip file gets attached to every file when you extract it. This can be a huge pain if you forget to unblock the file before you unzip. For example, Visual Studio will treat many of the files differently and Windows Help browser will not show contents. Unfortunately it is impossible to unblock more than one file at a time using Windows Explorer.

Streams.exe to the rescue! This will unblock every extracted file:

streams.exe -s -d "directory with extracted files"
Sunday, March 28, 2010 10:46:55 PM UTC
Note that Alternate Data Streams (ADS) are only supported on NTFS, so files stored on other file systems (e.g. FAT) will not offer these features.

More importantly, Alternate Data Streams are not preserved when files are copied/moved over network shares (I'm unsure of whether SMB lacks support for it or if Windows just doesn't make use of it.) At any rate, if you download or move files to a network share, you will not get the download warning nor favicon features, even if you later move them back to a local NTFS drive.

Still, ADS is pretty neat when it works.
Monday, March 29, 2010 10:46:26 AM UTC
Good post. Thanks for this I just hope you can get this working before the big launch!!
Tuesday, March 30, 2010 4:30:52 PM UTC
The streams utility is useful if you want to remove all streams from the files. If you only want to remove the "Zone.Identifier" stream, you'll need an alternative:

http://www.codeproject.com/KB/cs/ntfsstreams.aspx
Richard
Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.